SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 234

changes.mady.by.user Michael Rosenman

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: C17 ref as well as C24 ref

Anchor
Apple Acton 06Apple 06
Wiki Markup\[Apple 06\] Apple, Inc. [_Secure Coding Guide_|http://developer.apple.com/documentation/Security/Conceptual/SecureCodingGuide/SecureCodingGuide.pdf], May
Acton 06

[Acton 2006] Acton, Mike. "Understanding Strict Aliasing." CellPerformance, June 1, 2006.

Anchor
Austin Group 08Austin Group 08

Wiki Markup
\[Austin Group 08\] "Draft Standard for Information Technology - Portable Operating System Interface (POSIX®) - Draft Technical Standard: Base Specifications, Issue 7," IEEE Unapproved Draft Std P1003.1 D5.1. Prepared by the [Austin Group|http://www.opengroup.org/austin/]. New York: Institute of Electrical & Electronics Engineers, Inc., May 2008.

...

Wiki Markup
\[Banahan 03\] Banahan, Mike. [_The C Book_|http://www.phy.duke.edu/~rgb/General/c_book/c_book/index.html], 2003.

...

Aho 1986
Aho 1986

[Aho 1986] Aho, Alfred V.; Sethi, Ravi; Ullman, Jeffrey D. "Compilers: Principles, Techniques, and Tools" (2nd ed.), 1986.

Anchor
Apiki 2006
Apiki 2006

[Apiki 2006] Apiki, Steve. "Lock-Free Programming on AMD Multi-Core System." AMD Developer Central, 2006.

Anchor
Apple 06
Apple 06

[Apple 2006] Apple, Inc. Secure Coding Guide . May 2006.

Anchor
Asgher 2000
Asgher 2000

[Asgher 2000] Asgher, Sarmad. "Practical Lock-Free Buffers." Dr. Dobbs Go-Parallel, August 26, 2000.

Anchor
Bailey 14
Bailey 14

[Bailey 2014] Bailey, Don A. Raising Lazarus—The 20 Year Old Bug that Went to Mars . 2014.

Anchor
Banahan 03
Banahan 03

[Banahan 2003] Banahan, Mike. The C Book . 2003.

Anchor
Barney 10
Barney 10

[Barney 2010] Barney, Blaise. "Mutex Variables." POSIX Threads Programming, 2010.

Anchor
Becker 08
Becker 08

[Becker 2008] Becker, Pete. Working Draft, Standard for Programming Language C++. April 2008.

Anchor
Beebe 05
Beebe 05

[Beebe 2005] Beebe, Nelson H. F. Re: Remainder (%) Operator and GCC. 2005.

Anchor
Black 07
Black 07

[Black 2007] Black, Paul E.; Kass, Michael; & Koo, Michael. Source Code Security Analysis Tool Functional Specification Version 1.0. Special Publication 500-268. Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, May 2007

...

Wiki Markup
\[Beebe 05\] Beebe, Nelson H. F. [Re: Remainder (%) operator and GCC|http://gcc.gnu.org/ml/gcc-help/2005-11/msg00141.html], 2005.

AnchorBecker 08Becker 08 Wiki Markup\[Becker 08\] Becker, Pete. [Working Draft, Standard for Programming Language C+\+|http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2008/n2521.pdf], April 2008.

Anchor
Brainbell.com
Brainbell.com
Wiki Markup\[Brainbell.com\]
[Brainbell.com] Brainbell.com. [_Advice and Warnings for C Tutorials_|http://www.brainbell.com/tutors/c/Advice_and_Warnings_for_C/].

Anchor
Bryant 03
Bryant 03
Wiki Markup
\[Bryant 03\2003] Bryant, Randal E. , & O'Halloran, David. _Computer Systems: A Programmer's Perspective_. Prentice . Upper Saddle River, NJ: Prentice Hall, 2003 (ISBN 0-13-034074-X).

Anchor
Burch 06
Burch 06
unmigrated-wiki-markup
\
[Burch 06\2006] Burch, Hal, ; Long, Fred, ; & Seacord, Robert C. [_Specifications for Managed Strings_|http://www.sei.cmu.edu/publications/documents/06.reports/06tr006.html] (CMU/SEI-2006-TR-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

Anchor
Callaghan 95Callaghan 95

Wiki Markup
\[Callaghan 95\] Callaghan, B., Pawlowski, B., & Staubach, P. [IETF RFC 1813 NFS Version 3 Protocol Specification|http://www.ietf.org/rfc/rfc1813.txt], June 1995.

Butenhof 97
Butenhof 97

[Butenhof 1997] Butenhof, David R. Programming with POSIX® Threads . Boston: Addison-Wesley Professional, 1997 (ISBN 0-201-63392-2).

Anchor
C99 2003
C99 2003

[C99 Rationale 2003] Rationale for International Standard—Programming Languages—C, Revision 5.10 (C99 Rationale), April 2003.

Anchor
Callaghan 95
Callaghan 95

[Callaghan 1995] Callaghan, B; Pawlowski, B.; & Staubach, P. IETF RFC 1813 NFS Version 3 Protocol Specification, June 1995.

Anchor
Cassidy 2014
Cassidy 2014

[Cassidy 2014] Cassidy, Sean. existential type crisis : Diagnosis of the Heartbleed Bug [blog post]. April 2014.

Anchor
CERT 06a
CERT 06a

[CERT 2006a] CERT/CC. CERT/CC Statistics 1988–2006. AnchorCERT 06aCERT 06a Wiki Markup\[CERT 06a\] CERT/CC. [CERT/CC Statistics 1988---2006|http://www.cert.org/stats/cert_stats.html].

Anchor
CERT 06b
CERT 06b
unmigrated-wiki-markup
\
[CERT 06b\2006b] CERT/CC. US-CERT's [Technical Cyber Security Alerts|http://www.us-cert.gov/cas/techalerts/index.html].

Anchor
CERT 06c
CERT 06c
Wiki Markup\
[CERT 06c\2006c] CERT/CC. [Secure Coding|http://www.cert.org/secure-coding/] web siteCoding website.

Anchor
Chen 02
Chen 02
Wiki Markup
\[Chen 02\]  2002]  Chen, H., ; Wagner, D., ; & Dean, D. "Setuid demystifiedDemystified. " USENIX Security Symposium, 20022002.

Anchor
Chess 07
Chess 07

[Chess 2007] Chess, Brian, & West, Jacob. Secure Programming with Static Analysis. Boston: Addison-Wesley 2007.

Anchor
Corfield 93
Corfield 93
Wiki Markup\
[Corfield 93\1993] Corfield, Sean A. "[Making String Literals 'const'|http://www.open-std.org/jtc1/sc22/wg21/docs/papers/1993/N0389.asc]," November 1993.

Anchor
Coverity 07
Coverity 07
unmigrated-wiki-markup
\
[Coverity 07\2007] Coverity Prevent User's Manual (3.3.0), . 2007.

Anchor
CVE
CVE
Wiki Markup\
[CVE\] [Common Vulnerabilities and Exposures|http://cve.mitre.org/].

Anchor
CPPReference
CPPReference
unmigrated-wiki-markup
\
[C+\+ Reference\] [Standard C Library, General C\++, C++ Standard Template Library|http://www.cppreference.com/]

Anchor
Dewhurst 02
Dewhurst 02
unmigrated-wiki-markup
\
[Dewhurst 02\2002] Dewhurst, Stephen C. _C+\+ Gotchas: Avoiding Common Problems in Coding and Design_. Boston: Addison-Wesley Professional, 2002.

Anchor
Dewhurst 05
Dewhurst 05
Wiki Markup
\[Dewhurst 05\2005] Dewhurst, Stephen C. _C+\+ Common Knowledge: Essential Intermediate Programming_. Boston, MA: Addison-Wesley Professional, 2005.

Anchor
DHS 06
DHS 06
Wiki Markup\
[DHS 06\2006] U.S. Department of Homeland Security. [Build Security In|https://buildsecurityin.us-cert.gov/].. 2006.

Anchor
DOD 5220 DOD 5220

Wiki Markup
\[DOD 5220\] U.S. Department of Defense. [DoD Standard 5220.22-M|http://security.ouhsc.edu/docs/policies/approved/DoD_5220.doc] (Word document).

...

Wiki Markup
\[Dowd 06\] Dowd, M., McDonald, J., & Schuh, J. _The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities_. Boston: Addison-Wesley, 2006. See [http://taossa.com] for updates and errata.

...

Wiki Markup
\[Drepper 06\] Drepper, Ulrich. [Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong)|http://people.redhat.com/drepper/defprogramming.pdf], May 3, 2006.

...

Wiki Markup
\[Eckel 07\] Eckel, Bruce. [_Thinking in C+\+ Volume 2_|http://bruce-eckel.developpez.com/livres/cpp/ticpp/v2/], January 25, 2007.

...

Wiki Markup
\[ECTC 98\] Embedded C+\+ Technical Committee. [_The Embedded C+\+ Programming Guide Lines_|http://www.caravan.net/ec2plus/guide.html], Version WP-GU-003. January 6, 1998.

...

DISA 2008
DISA 2008
Anchor
DISA 2015
DISA 2015

[DISA 2015] DISA. Application Security and Development Security Technical Implementation Guide, Version 3, Release 10. Accessed April 2015.

Anchor
DISA 2016
DISA 2016

[DISA 2016] DISA. Application Security and Development Security Technical Implementation Guide, Version 4, Release 1. Accessed January 2017.

Anchor
DISA 2018
DISA 2018

[DISA 2018] DISA. Application Security and Development Security Technical Implementation Guide, Version 4, Release 8. Accessed January 2019.

Anchor
DOD 5220
DOD 5220

[DOD 5220] U.S. Department of Defense. DoD Standard 5220.22-M (Word document).

Anchor
Dowd 06
Dowd 06

[Dowd 2006] Dowd, M.; McDonald, J.; & Schuh, J. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. Boston: Addison-Wesley, 2006.

Anchor
Drepper 06
Drepper 06

[Drepper 2006] Drepper, Ulrich. Defensive Programming for Red Hat Enterprise Linux (and What To Do If Something Goes Wrong). May 3, 2006.

Anchor
Duff 88
Duff 88

[Duff 1988] Duff, Tom. Tom Duff on Duff's Device. August 29, 1988.

Anchor
Dutta 03
Dutta 03

[Dutta 2003] Dutta, Shiv. Best Practices for Programming in C. June 26, 2003.

Anchor
Eckel 07
Eckel 07

[Eckel 2007] Eckel, Bruce. Thinking in C++, Vol. 2 . January 25, 2007.

Anchor
ECTC 98
ECTC 98

[ECTC 1998] Embedded C++ Technical Committee. The Embedded C++ Programming Guide Lines , Version WP-GU-003. January 6, 1998.

Anchor
Eide and Regehr
Eide and Regehr

[Eide and Regehr] Eide, E., & Regehr, J. Volatiles Are Miscompiled, and What to Do about It. 2008.

Anchor
Feather 97
Feather 97

[Feather 1997] Feather, Clive, D. W. Solving the struct Hack Problem. JTC1/SC22/WG14 N791. (1997).

Anchor
Finlay 03
Finlay 03

[Finlay 2003] Finlay, Ian A. CERT Advisory CA-2003-16, Buffer Overflow in Microsoft RPC. CERT/CC, July 2003.

Anchor
Fisher 99
Fisher 99

[Fisher 1999] Fisher, David & Lipson, Howard. "Emergent Algorithms—A New Method for Enhancing Survivability in Unbounded Systems." Proceedings of the 32nd Annual Hawaii International Conference on System Sciences (HICSS-32). Maui, HI, January 5–8, 1999.

Anchor
Flake 06
Flake 06

[Flake 2006] Flake, Halvar. "Attacks on Uninitialized Local Variables." Black Hat Federal, 2006.

Anchor
Fortify 06
Fortify 06

[Fortify 2006] Fortify Software Inc. Fortify Taxonomy: Software Security Errors. 2006.

Anchor
Fomichev 16
Fomichev 16

[Fomichev 2016] Fomichev, Roman. "Safe Clearing of Private Data". PVS-Studio Team, 2016.

Anchor
FSF 05
FSF 05

[FSF 2005] Free Software Foundation. GCC Online Documentation. 2005.

Anchor
Garfinkel 96
Garfinkel 96

[Garfinkel 1996] Garfinkel, Simson & Spafford, Gene. Practical UNIX & Internet Security, 2nd ed. Sebastopol, CA: O'Reilly Media, April 1996 (ISBN 1-56592-148-8).

Anchor
GCC Bugs
GCC Bugs

[GCC Bugs] GCC Team. GCC Bugs. Free Software Foundation, Inc.

Anchor
GNU 10
GNU 10

[GNU 2010] GNU. Coding Standards. GNU, 2010.

Anchor
GNU Pth
GNU Pth

[GNU Pth] Engelschall, Ralf S. GNU Portable Threads, 2006.

Anchor
Goldberg 91
Goldberg 91

[Goldberg 1991] Goldberg, David. What Every Computer Scientist Should Know about Floating-Point Arithmetic. Sun Microsystems, March 1991.

Anchor
Goodin 2009
Goodin 2009

[Goodin 2009] Goodin, Dan. Clever Attack Exploits Fully-Patched Linux Kernel. The Register, July 2009.

Anchor
Gough 2005
Gough 2005

[Gough 2005] Gough, Brian J. An Introduction to GCC. Network Theory Ltd., Revised August 2005 (ISBN 0-9541617-9-3).

Anchor
Graf 03
Graf 03

[Graff 2003] Graff, Mark G. & Van Wyk, Kenneth R. Secure Coding: Principles and Practices. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

Anchor
Greenman 97
Greenman 97

[Greenman 1997] Greenman, David. Serious Security Bug in wu-ftpd v2.4 . BUGTRAQ Mailing List (bugtraq@securityfocus.com), January 2, 1997.

Anchor
Griffiths 06
Griffiths 06

[Griffiths 2006] Griffiths, Andrew. Clutching at Straws: When You Can Shift the Stack Pointer. 2006.

Anchor
Gutmann 96
Gutmann 96

[Gutmann 1996] Gutmann, Peter. Secure Deletion of Data from Magnetic and Solid-State Memory. July 1996.

Anchor
Haddad 05
Haddad 05

[Haddad 2005] Haddad, Ibrahim. "Secure Coding in C and C++: An Interview with Robert Seacord, Senior Vulnerability Analyst at CERT." Linux World Magazine, November 2005.

Anchor
Hatton 95
Hatton 95

[Hatton 1995] Hatton, Les. Safer C: Developing Software for High-Integrity and Safety-Critical Systems. New York: McGraw-Hill, 1995 (ISBN 0-07-707640-0).

Anchor
Hatton 03
Hatton 03

[Hatton 2003] Hatton, Les. EC-: A Measurement-Based Safer Subset of ISO C Suitable for Embedded System Development. November 5, 2003.

Anchor
Henricson 92
Henricson 92

[Henricson 1992] Henricson, Mats & Nyquist, Erik. Programming in C++, Rules and Recommendations. Ellemtel Telecommunication Systems Laboratories, 1992.

Anchor
Horton 90
Horton 90

[Horton 1990] Horton, Mark R. Portable C Software. Upper Saddle River, NJ: Prentice-Hall, 1990 (ISBN:0-13-868050-7).

Anchor
Howard 02
Howard 02

[Howard 2002] Howard, Michael & LeBlanc, David C. Writing Secure Code 2nd ed. Redmond, WA: Microsoft Press, 2002.

Anchor
HP 03
HP 03

[HP 2003] Hewlett-Packard Company. Tru64 UNIX: Protecting Your System against File Name Spoofing Attacks. Houston, TX: Hewlett-Packard Company, January

...

Wiki Markup
\[Eide and Regehr\] "[Volatiles are miscompiled, and what to do about it|http://portal.acm.org/citation.cfm?id=1450058.1450093]" Eide E., Regehr J.  2008.

...

Wiki Markup
\[Finlay 03\] Finlay, Ian A. CERT Advisory CA-2003-16, [Buffer Overflow in Microsoft RPC|http://www.cert.org/advisories/CA-2003-16.html]. CERT/CC, July 2003.

...

Wiki Markup
\[Fisher 99\] Fisher, David  & Lipson, Howard. "Emergent Algorithms - A New Method for Enhancing Survivability in Unbounded Systems." _Proceedings of the 32nd Annual Hawaii International Conference on System Sciences (HICSS-32)_. Maui, HI, January 5-8, 1999.

...

Wiki Markup
\[Flake 06\] Flake, Halvar. "[Attacks on uninitialized local variables|http://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-Flake.pdf]." Black Hat Federal 2006.

...

Wiki Markup
\[Fortify 06\] Fortify Software Inc. [Fortify Taxonomy: Software Security Errors|http://www.fortifysoftware.com/vulncat/], 2006.

...

Wiki Markup
\[FSF 05\] Free Software Foundation. [GCC online documentation|http://gcc.gnu.org/onlinedocs], 2005.

...

Wiki Markup
\[Garfinkel 96\] Garfinkel, Simson & Spafford, Gene. _Practical UNIX & Internet Security_, 2nd Edition. Sebastopol, CA: O'Reilly Media, April 1996 (ISBN 1-56592-148-8).

...

Wiki Markup
\[GNU Pth\] Engelschall, Ralf S. [GNU Portable Threads|http://www.gnu.org/software/pth/], 2006.

...

Wiki Markup
\[Goldberg 91\] Goldberg, David. [What Every Computer Scientist Should Know About Floating-Point Arithmetic|http://docs.sun.com/source/806-3568/ncg_goldberg.html]. Sun Microsystems, March 1991.

...

Wiki Markup
\[Gough 2005\] Gough, Brian J. [An Introduction to GCC|http://www.network-theory.co.uk/docs/gccintro/index.html]. Network Theory Ltd, Revised August 2005 (ISBN 0-9541617-9-3).

...

Wiki Markup
\[Graff 03\] Graff, Mark G. & Van Wyk, Kenneth R. _Secure Coding: Principles and Practices_. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

...

Wiki Markup
\[Greenman 97\] Greenman, David. [_serious security bug in wu-ftpd v2.4_|http://seclists.org/bugtraq/1997/Jan/0011.html]. BUGTRAQ Mailing List (bugtraq@securityfocus.com), January 2, 1997.

...

Wiki Markup
\[Griffiths 06\] Griffiths, Andrew. "[Clutching at straws: When you can shift the stack pointer|http://felinemenace.org/papers/p63-0x0e_Shifting_the_Stack_Pointer.txt]."

...

Wiki Markup
\[Gutmann 96\] Gutmann, Peter. [Secure Deletion of Data from Magnetic and Solid-State Memory|http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html], July 1996.

...

Wiki Markup
\[Haddad 05\] Haddad, Ibrahim. "Secure Coding in C and C++: An interview with Robert Seacord, senior vulnerability analyst at CERT." _Linux World Magazine_, November 2005.

...

Wiki Markup
\[Hatton 95\] Hatton, Les. _Safer C: Developing Software for High-Integrity and Safety-Critical Systems_. New York: McGraw-Hill Book Company, 1995 (ISBN 0-07-707640-0).

...

Wiki Markup
\[Henricson 92\] Henricson, Mats, & Nyquist, Erik. [Programming in C++, Rules and Recommendations|http://www.doc.ic.ac.uk/lab/cplus/c++.rules/]. Ellemtel Telecommunication Systems Laboratories, 1992.

...

Wiki Markup
\[Horton 90\] Horton, Mark R. _Portable C Software_. Upper Saddle River, NJ: Prentice-Hall, Inc., 1990 (ISBN:0-13-868050-7).

...

Wiki Markup
\[Howard 02\] Howard, Michael, & LeBlanc, David C. _[_Writing Secure Code, 2nd ed. Redmond, WA:_|http://www.microsoft.com/mspress/books/5957.aspx]_. Microsoft Press, December 2002.

AnchorHP 03HP 03 Wiki Markup\[HP 03\] [Tru64 UNIX: Protecting Your System Against File Name Spoofing Attacks|http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf]. Houston, TX: Hewlett-Packard Company, January 2003.

Anchor
IEC 60812 2006
IEC 60812 2006
Wiki Markup
\[IEC 60812 2006\] _Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA)_, 2nd ed. (IEC 60812). IEC, January ] IEC (International Electrotechnical Commission). Analysis Techniques for System Reliability—Procedure for Failure Mode and Effects Analysis (FMEA), 2nd ed. (IEC 60812). Geneva, Switzerland: IEC, 2006.

Anchor
IEC 61508 4
IEC 61508 4
Wiki Markup\
[IEC 61508-4\]  _Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations_, ] IEC. Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems—Part 4: Definitions and Abbreviations. Geneva, Switzerland: IEC, 1998.

Anchor
IEEE 754 2006
IEEE 754 2006

[IEEE 754 2006] IEEE (Institute of Electrical and Electronics Engineers). Standard for Binary Floating-Point Arithmetic (IEEE 754-1985). New York: IEEE, 2006.

Anchor
IEEE Std 610. Std 610.12 1990
IEEE Std 610.12 1990
Wiki Markup
\[IEEE Std 610.12 1990\] _IEEE. IEEE Standard Glossary of Software Engineering Terminology_, September 1990Terminology. (1990).

Anchor
IEEE 754 2006IEEE 754 2006

Wiki Markup
\[IEEE 754 2006\] IEEE. [_Standard for Binary Floating-Point Arithmetic_|http://grouper.ieee.org/groups/754/] (IEEE 754-1985), 2006.

...

Wiki Markup
\[IEEE 1003.1, 2004\] IEEE. [The Open Group Base Specifications Issue 6|http://www.opengroup.org/onlinepubs/009695399/] IEEE Std 1003.1, 2004 Edition

...

Std 1003.1-2004
IEEE Std 1003.1-2004

[IEEE Std 1003.1:2004] IEEE and The Open Group. The Open Group Base Specifications Issue 6 (IEEE Std 1003.1), 2004 Edition. (See also ISO/IEC 9945-2004 and Open Group 04.)

Anchor
IEEE Std 1003.1
IEEE Std 1003.1
Anchor
IEEE Std 1003.1-2008
IEEE Std 1003.1-2008

[IEEE Std 1003.1:2008] IEEE and The Open Group. The Open Group Base Specifications Issue 7 (IEEE Std 1003.1), 2008 Edition. See also ISO/IEC 9945-2008 and Open Group 2008.

Anchor
IEEE Std 1003.1-2013
IEEE Std 1003.1-2013

[IEEE Std 1003.1:2013] IEEE and The Open Group. Standard for Information Technology—Portable Operating System Interface (POSIX®), Base Specifications, Issue 7 (IEEE Std 1003.1, 2013 Edition). E-book: http://ieeexplore.ieee.org/servlet/opac?punumber=6506089.

Anchor
IETF RFC 6520
IETF RFC 6520

[IETF: RFC 6520] Internet Engineering Task Force (IETF). Request for Comments 6520: Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension. February 2012.

Anchor
IEEE 1003
IEEE 1003
Anchor
ilja 06
ilja 06

 [ilja 2006] ilja. "readlink abuse." ilja's blog. August 13, 2006.

Anchor
Intel 01
Intel 01

[Intel 2001] Intel Corp. _Floating-Point IEEE Filter for Microsoft Windows 2000 on the Intel® Itanium© Architecture. March 2001.

...

Wiki Markup
\[ilja 06\] ilja. "[readlink abuse|http://blogs.23.nu/ilja/stories/12551/]." _ilja's blog_, August 13, 2006.

...

Wiki Markup
\[Intel 01\] Intel Corp. [_Floating-Point IEEE Filter for Microsoft\* Windows\* 2000 on the Intel® Itanium™ Architecture_|ftp://download.intel.com/software/opensource/libraries/ieee/ieee_filter_windows2000.pdf], March 2001.

Anchor
Internet Society 00
Internet Society 00
Wiki Markup\
[Internet Society 00\2000] The Internet Society. [Internet Security Glossary (RFC 2828)|ftp://ftp. rfc-editor.org/in-notes/rfc2828.txt], 2000.

Anchor
ISO/IEC 64610646-19912003
ISO/IEC 646-1991
Wiki Markup\
10646-2003
Anchor
ISO-IEC 10646-2003
ISO-IEC 10646-2003

[ISO/IEC 64610646:1991\2003] ISO/IEC . _Information technology: ISO 7-bit coded character set for information interchange_ (ISO/IEC 646-1991). Geneva, Switzerland: International Organization for Standardization, 1991(International Organization for Standardization/International Electrotechnical Commission). Information Technology—Universal Multiple-Octet Coded Character Set (UCS) (ISO/IEC 10646:2003). Geneva, Switzerland: International Organization for Standardization, 2003.

Anchor
ISO/IEC 994510646-20032012
ISO/IEC 9945-2003
Wiki Markup\[ISO/IEC 9945:2003\] _ISO/IEC 9945:2003 (including Technical Corrigendum 1), Information technology --- Programming languages, their environments and system software interfaces --- Portable Operating System Interface (POSIX®)_
IEC 10646-2012
Anchor
ISO-IEC 10646-2012
ISO-IEC 10646-2012

[ISO/IEC 10646:2012] ISO/IEC. Information technology—Universal Multiple-Octet Coded Character Set (UCS) (ISO/IEC 10646:2012). Geneva, Switzerland: ISO, 2012.

Anchor
ISO/IEC 989911889-1-19992009
ISO/IEC 9899-199911889-1-2009
Anchor
ISO-IEC 11889-1-2009
ISO-IEC 11889-1-2009

Wiki Markup\[ISO/IEC 9899:1999\] 11889-1:2009] ISO/IEC. _Programming Languages---C, 2nd ed_ Information Technology—Trusted Platform Module—Part 1: Overview (ISO/IEC 9899:199911889-1:2009). Geneva, Switzerland: International Organization for Standardization, 1999ISO, 2009.

Anchor
ISO/IEC 1064614882-2003
ISO/IEC 1064614882-2003
Anchor
ISO-IEC 14882-2003
unmigrated
ISO-
wiki
IEC 14882-
markup
2003
\
[ISO/IEC 1064614882:2003\] _Information technology - Universal Multiple-Octet Coded Character Set (UCS)_ (ISO/IEC 10646:2003). Geneva, Switzerland: International Organization for Standardization, 2003.] ISO/IEC. Programming Languages—C++, Second Edition (ISO/IEC 14882-2003). Geneva, Switzerland: ISO, 2003.

Anchor
ISO/IEC 14882-20032011
ISO/IEC 14882-2011
Anchor
ISO-IEC 14882-20032011
unmigrated
ISO-
wiki
IEC 14882-
markup
2011

\[ISO/IEC 14882:2003\2011] ISO/IEC. _Programming Languages --- CInformation Technology—Programming Languages—C++, Second Third Edition _ (ISO/IEC 14882-20032011). Geneva, Switzerland: International Organization for Standardization, 2003ISO, 2011.

Anchor
ISO/IEC 23360-1-2006
ISO/IEC 23360-1-2006
Anchor
ISO-IEC 23360-1-2006
Wiki Markup\
ISO-IEC 23360-1-2006

[ISO/IEC 23360-1:2006\] [_Linux Standard Base ] ISO/IEC. Linux Standard Base (LSB) core specification Core Specification 3.1 - Part 1—Part 1: Generic specification_|http://refspecs.freestandards.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic.pdf]Generic Specification. Geneva, Switzerland: ISO, 2006.

Anchor
ISO/IEC 646-1991
ISO/IEC 646-1991
Anchor
ISO/-IEC 03646-1991
ISO/-IEC 03
Wiki Markup\
646-1991

[ISO/IEC 03\] 646:1991] ISO/IEC. [_Rationale for International Standard --- Programming Languages --- C, Revision 5.10_|http://www.open-std.org/jtc1/sc22/wg14/www/C99RationaleV5.10.pdf]. Geneva, Switzerland: International Organization for Standardization, April 2003 Information Technology: ISO 7-Bit Coded Character Set for Information Interchange (ISO/IEC 646-1991). Geneva, Switzerland: ISO, 1991.

Anchor
ISO/IEC JTC1/SC22/WG11ISO/IEC JTC1/SC22/WG11
Wiki Markup
9899:1990
ISO/IEC 9899:1990
Anchor
ISO-IEC 9899-1990
ISO-IEC 9899-1990

[ISO/IEC 9899:1990] ISO/IEC. Programming Languages—C (ISO/IEC 9899:1990). Geneva, Switzerland: ISO, 1990\[ISO/IEC JTC1/SC22/WG11\] ISO/IEC. [_Binding Techniques_|http://www.open-std.org/JTC1/SC22/WG11/] (ISO/IEC JTC1/SC22/WG11), 2007.

Anchor
ISO/IEC DTR 247329899:1999
ISO/IEC DTR 24732
Wiki Markup\
IEC 9899:1999
Anchor
ISO-IEC 9899-1999
ISO-IEC 9899-1999

[ISO/IEC DTR 24732\] 9899:1999] ISO/IEC JTC1 SC22 WG14 N1290. [Extension for the programming language C to support decimal floating-point arithmetic|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1290.pdf], March 2008. Programming Languages—C, 2nd ed (ISO/IEC 9899:1999). Geneva, Switzerland: ISO, 1999.

Anchor
ISO/IEC PDTR 24731-2-20079899-2011
ISO/IEC PDTR 24731-2-2007
Wiki Markup\
9899-2011
Anchor
ISO-IEC 9899-2011
ISO-IEC 9899-2011

[ISO/IEC PDTR 24731-2\] [Extensions to the C Library, --- Part II: Dynamic Allocation Functions|http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1248.pdf], August 20079899:2011] ISO/IEC. Programming Languages—C, 3rd ed (ISO/IEC 9899:2011). Geneva, Switzerland: ISO, 2011.

Anchor
ISO/IEC PDTR 247729899-2017
ISO/IEC PDTR 24772
Wiki Markup\
IEC 9899-2017
Anchor
ISO-IEC 9899-2017
ISO-IEC 9899-2017

[ISO/IEC PDTR 24772\] 9899:2017] ISO/IEC PDTR 24772. _Information Technology_ --- _Programming Languages_ --- [_Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use_|http://www.aitcnet.org/isai/_NextMeeting/22-OWGV-N-0134/n0134.pdf], March 2008Programming Languages—C, 4th ed (ISO/IEC 9899:2017). Geneva, Switzerland: ISO, 2017.

Anchor
ISO/IEC TR 24731-1-20079899-2024
ISO/IEC TR 24731-1-20079899-2024
Anchor
ISO-IEC 9899-2024
ISO-IEC 9899-2024

Wiki Markup\[ISO/IEC TR 24731-1:2007\] 9899:2024] ISO/IEC TR 24731. _Extensions to the C Library, --- Part I: Bounds-checking interfaces_. Geneva, Switzerland: International Organization for Standardization, April 2006. AnchorJack 07Jack 07

Wiki Markup
\[Jack 07\] Jack, Barnaby. [_Vector Rewrite Attack_|http://www.juniper.net/solutions/literature/white_papers/Vector-Rewrite-Attack.pdf], May 2007.

...

Wiki Markup
\[Jones 04\] Jones, Nigel. ["Learn a new trick with the offsetof() macro."|http://www.netrino.com/Articles/OffsetOf/index.php] _Embedded Systems Programming_, March 2004.

...

Wiki Markup
\[Jones 08\] Jones, Derek M. [The New C Standard: An economic and cultural commentary|http://www.knosof.co.uk/cbook/]. Knowledge Software Ltd., 2008.

...

Wiki Markup
\[Keil 08\] Keil, an ARM Company. "[Floating Point Support|http://www.keil.com/support/man/docs/armlib/armlib_bihbjiea.htm]." _RealView Libraries and Floating Point Support Guide_, 2008.

...

Wiki Markup
\[Kennaway 00\] Kennaway, Kris. [Re: /tmp topic|http://lwn.net/2000/1221/a/sec-tmp.php3], December 2000.

...

Wiki Markup
\[Kernighan 88\] Kernighan , Brian W., & Ritchie, Dennis M. _The C Programming Language, 2nd ed._ Englewood Cliffs, NJ: Prentice-Hall, 1988.

...

Wiki Markup
\[Kettlewell 02\] Kettlewell, Richard. [_C Language Gotchas_|http://www.greenend.org.uk/rjk/2001/02/cfu.html], February 2002.

...

Wiki Markup
\[Kettlewell 03\] Kettlewell, Richard. [_Inline Functions In C_|http://www.greenend.org.uk/rjk/2003/03/inline.html], March 2003.

...

Wiki Markup
\[Kirch-Prinz 02\] Kirch-Prinz, Ulla & Prinz, Peter. _C Pocket Reference_.  Sebastopol, CA: O'Reilly, November 2002 (ISBN: 0-596-00436-2).

...

Wiki Markup
\[Klarer 04\] Klarer, R., Maddock, J., Dawes, B. & Hinnant, H. "Proposal to Add Static Assertions to the Core Language (Revision 3)." ISO C+\+ committee paper ISO/IEC JTC1/SC22/WG21/N1720, October 2004. Available at [http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2004/n1720.html].

...

Wiki Markup
\[Klein 02\] Klein, Jack. [_Bullet Proof Integer Input Using strtol()_|http://home.att.net/~jackklein/c/code/strtol.html], 2002.

...

Wiki Markup
\[Koenig 89\] Koenig,  Andrew. _C Traps and Pitfalls_. Addison-Wesley Professional, January 1, 1989.

...

Wiki Markup
\[Kuhn 06\] Kuhn, Markus. [_UTF-8 and Unicode FAQ for Unix/Linux_|http://www.cl.cam.ac.uk/~mgk25/unicode.html], 2006.

...

Wiki Markup
\[Lai 06\] Lai, Ray. "[Reading Between the Lines|http://undeadly.org/cgi?action=article&sid=20061027031811]." _OpenBSD Journal_, October 2006.

...

Wiki Markup
\[Lewis 06\] Lewis, Richard. "[Security Considerations When Handling Sensitive Data|http://secureapps.blogspot.com/2006/10/security-considerations-when-handling.html]." Posted on the Application Security by Richard Lewis blog October 2006.

...

Wiki Markup
\[Linux 07\] [Linux Programmer's Manual|http://www.kernel.org/doc/man-pages/online_pages.html], July 2007.

...

Wiki Markup
\[Lions 96\] Lions, J. L. [ARIANE 5 Flight 501 Failure Report|http://en.wikisource.org/wiki/Ariane_501_Inquiry_Board_report]. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.

...

Wiki Markup
\[Lipson 00\] Lipson, Howard  & Fisher, David. "Survivability: A New Technical and Business Perspective on Security," 33-39. _Proceedings of the 1999 New Security Paradigms Workshop_. Caledon Hills, Ontario, Canada, Sept. 22-24, 1999. New York: Association for Computing Machinery, 2000.

...

Wiki Markup
\[Lipson 06\] Lipson, Howard. _Evolutionary Systems Design: Recognizing Changes in Security and Survivability Risks_ (CMU/SEI-2006-TN-027).  Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

...

. Programming Languages—C, 5th ed (ISO/IEC 9899:2024). Geneva, Switzerland: ISO, 2024.

Anchor
ISO/IEC 9945-2003
ISO/IEC 9945-2003
Anchor
ISO-IEC 9945-2003
ISO-IEC 9945-2003

[ISO/IEC 9945:2003] ISO/IEC. Information Technology—Programming Languages, Their Environments and System Software Interfaces—Portable Operating System Interface (POSIX®) [including Technical Corrigendum 1] (ISO/IEC 9945:2003). Geneva, Switzerland: ISO, 2003.

Anchor
ISO/IEC/IEEE 24765:2010
ISO/IEC/IEEE 24765:2010
Anchor
ISO/IEC/IEEE 24765-2010
ISO/IEC/IEEE 24765-2010

[ISO/IEC/IEEE 24765:2010] ISO/IEC/IEEE. Systems and Software Engineering—Vocabulary (ISO/IEC/IEEE 24765:2010). Geneva, Switzerland: ISO, 2010.

Anchor
ISO/IEC/IEEE 9945-2008
ISO/IEC/IEEE 9945-2008
Anchor
ISO-IEC-IEEE 9945-2008
ISO-IEC-IEEE 9945-2008

[ISO/IEC/IEEE 9945:2008] ISO/IEC/IEEE. Information Technology—Programming Languages, Their Environments and System Software Interfaces—Portable Operating System Interface (POSIX ® ). (ISO/IEC/IEEE 9945:2008) Geneva, Switzerland: ISO, 2008.

Anchor
ISO/IEC DTR 24732
ISO/IEC DTR 24732
Anchor
ISO-IEC DTR 24732
ISO-IEC DTR 24732

[ISO/IEC DTR 24732] ISO/IEC JTC1 SC22 WG14 N1290. Extension for the Programming Language C to Support Decimal Floating-Point Arithmetic . Geneva, Switzerland: ISO, March 2008.

Anchor
ISO/IEC JTC1/SC22/WG11
ISO/IEC JTC1/SC22/WG11
Anchor
ISO-IEC JTC1-SC22-WG11
ISO-IEC JTC1-SC22-WG11

[ISO/IEC JTC1/SC22/WG11] ISO/IEC. Binding Techniques (ISO/IEC JTC1/SC22/WG11). Geneva, Switzerland: ISO, 2007.

Anchor
ISO-IEC JTC1-SC22-WG14
ISO-IEC JTC1-SC22-WG14

[ISO/IEC JTC1/SC22/WG14] ISO/IEC. Solving the Struct Hack Problem (ISO/IEC JTC1/SC22/WG14 N791). Geneva, Switzerland: ISO, 1997.

Anchor
ISO/IEC TR 24731-1-2007
ISO/IEC TR 24731-1-2007
Anchor
ISO-IEC TR 24731-1-2007
ISO-IEC TR 24731-1-2007

[ISO/IEC TR 24731-1:2007] ISO/IEC TR 24731. Extensions to the C Library—Part I: Bounds-Checking Interfaces. Geneva, Switzerland: ISO, April 2006.

Anchor
ISO/IEC PDTR 24731-2-2007
ISO/IEC PDTR 24731-2-2007
Anchor
ISO-IEC PDTR 24731-2-2007
ISO-IEC PDTR 24731-2-2007

[ISO/IEC PDTR 24731-2] Extensions to the C Library—Part II: Dynamic Allocation Functions. Geneva, Switzerland: ISO, August 2007.

Anchor
ISO/IEC TR 24731-2-2010
ISO/IEC TR 24731-2-2010
Anchor
ISO-IEC TR 24731-2-2010
ISO-IEC TR 24731-2-2010

[ISO/IEC TR 24731-2:2010] ISO/IEC TR 24731. Extensions to the C Library—Part II: Dynamic Allocation Functions . Geneva, Switzerland: ISO, April 2010.

Anchor
ISO/IEC TR 24772-2010
ISO/IEC TR 24772-2010
Anchor
ISO-IEC TR 24772-2010
ISO-IEC TR 24772-2010

[ISO/IEC TR 24772:2010] ISO/IEC TR 24772:2010. Information Technology— Programming LanguagesGuidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use. Geneva, Switzerland: ISO, October 2010.

Anchor
ISO/IEC TR 24772-2013
ISO/IEC TR 24772-2013
Anchor
ISO-IEC TR 24772-2013
ISO-IEC TR 24772-2013

[ISO/IEC TR 24772:2013] ISO/IEC TR 24772:2013. Information Technology—Programming Languages—Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use. Geneva, Switzerland: ISO, March 2013.

Anchor
ISO/IEC TS 17961
ISO/IEC TS 17961
Anchor
ISO-IEC TS 17961
ISO-IEC TS 17961
Anchor
ISO/IEC TS 17961-2013
ISO/IEC TS 17961-2013

[ISO/IEC TS 17961] ISO/IEC TS 17961. Information Technology—Programming Languages, Their Environments and System Software Interfaces—C Secure Coding Rules. Geneva, Switzerland: ISO, 2012.

Anchor
ISO/IEC WG14 N1173
ISO/IEC WG14 N1173
Anchor
ISO-IEC WG14 N1173
ISO-IEC WG14 N1173
[ISO/IEC WG14 N1173] ISO/IEC.  Rationale for TR 24731 Extensions to the C Library—Part I: Bounds-Checking Interfaces .

Anchor
Jack 07
Jack 07

[Jack 2007] Jack, Barnaby. Vector Rewrite Attack . May 2007.

Anchor
Jones 04
Jones 04

[Jones 2004] Jones, Nigel. Learn a New Trick with the offsetof() Macro. Embedded Systems Programming, March 2004.

Anchor
Jones 08
Jones 08

[Jones 2008] Jones, Derek M. The New C Standard: An Economic and Cultural Commentary. Knowledge Software Ltd., 2008.

Anchor
Jones 10
Jones 10

[Jones 2010] Jones, Larry. (2010). WG14 N1539 Committee Draft ISO/IEC 9899:201x .

Anchor
Juric n.d.
Juric n.d.

[Juric n.d.] Juric, Zeljko, et al. (n.d.). TIGCC Documentation, Latest Development Version (TIGCC/TIGCCLIB CVS): C Language Keywords.

Anchor
Keaton 09
Keaton 09

[Keaton 2009] Keaton, David; Plum, Thomas; Seacord, Robert C.; Svoboda, David; Volkovitsky, Alex; & Wilson, Timothy. As-if Infinitely Ranged Integer Model. CMU/SEI-2009-TN-023. July 2009.

Anchor
Keil 08
Keil 08

[Keil 2008] Keil, an ARM Company. "Floating Point Support." RealView Libraries and Floating Point Support Guide, 2008.

Anchor
Kennaway 00
Kennaway 00

[Kennaway 2000] Kennaway, Kris. Re: /tmp topic. December 2000.

Anchor
Kernighan 88
Kernighan 88

[Kernighan 1988] Kernighan, Brian W. & Ritchie, Dennis M. The C Programming Language, 2nd ed. Englewood Cliffs, NJ: Prentice-Hall, 1988.

Anchor
Kettle 02
Kettle 02

[Kettlewell 2002] Kettlewell, Richard. C Language Gotchas . February 2002.

Anchor
Kettle 03
Kettle 03

[Kettlewell 2003] Kettlewell, Richard. Inline Functions in C . March 2003.

Anchor
Kirch-Prinz 02
Kirch-Prinz 02

[Kirch-Prinz 2002] Kirch-Prinz, Ulla & Prinz, Peter. C Pocket Reference. Sebastopol, CA: O'Reilly, November 2002 (ISBN: 0-596-00436-2).

Anchor
Klarer 04
Klarer 04

[Klarer 2004] Klarer, R.; Maddock, J.; Dawes, B.; & Hinnant, H. "Proposal to Add Static Assertions to the Core Language (Revision 3)." ISO C++ committee paper ISO/IEC JTC1/SC22/WG21/N1720, October 2004.

Anchor
Klein 02
Klein 02

[Klein 2002] Klein, Jack. Bullet Proof Integer Input Using strtol() . 2002.

Anchor
Koenig 89
Koenig 89

[Koenig 1989] Koenig, Andrew. C Traps and Pitfalls. Addison-Wesley Professional, 1989.

Anchor
Kuhn 06
Kuhn 06

[Kuhn 2006] Kuhn, Markus. UTF-8 and Unicode FAQ for Unix/Linux . 2006.

Anchor
Lai 06
Lai 06

[Lai 2006] Lai, Ray. "Reading Between the Lines." OpenBSD Journal, October 2006.

Anchor
Lea 2000
Lea 2000

[Lea 2000] Lea, Doug. Concurrent Programming in Java, 2nd ed., Addison-Wesley Professional, Boston, 2000.

Anchor
Lewis 06
Lewis 06

[Lewis 2006] Lewis, Richard. "Security Considerations when Handling Sensitive Data." Posted on the Application Security by Richard Lewis blog October 2006.

Anchor
Linux 08
Linux 08

[Linux 2008] Linux Programmer's Manual. October 2008.

Anchor
Lions 96
Lions 96

[Lions 1996] Lions, J. L. ARIANE 5 Flight 501 Failure Report. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.

Anchor
Lipson 00
Lipson 00

[Lipson 2000] Lipson, Howard & Fisher, David. "Survivability: A New Technical and Business Perspective on Security," 33–39. Proceedings of the 1999 New Security Paradigms Workshop. Caledon Hills, Ontario, Canada, Sept. 22–24, 1999. New York: Association for Computing Machinery, 2000.

Anchor
Lipson 06
Lipson 06

[Lipson 2006] Lipson, Howard. Evolutionary Systems Design: Recognizing Changes in Security and Survivability Risks (CMU/SEI-2006-TN-027).  Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006.

Anchor
Liu 2009
Liu 2009

[Liu 2009] Likai Liu. Making NULL-pointer reference legal, Life of a Computer Science Student. January, 2009.

Anchor
Lockheed Martin 05
Lockheed Martin 05

[Lockheed Martin 2005] Lockheed Martin. Joint Strike Fighter Air Vehicle C++ Coding Standards for the System Development and Demonstration Program. Document Number 2RDU00001 Rev C., December 2005.

Anchor
Loosemore 07
Loosemore 07

[Loosemore 2007] Loosemore, Sandra; Stallman, Richard M.; McGrath, Roland; Oram, Andrew; & Drepper, Ulrich. The GNU C Library Reference Manual, Edition 0.11. September 2007.

Anchor
McCluskey 01
McCluskey 01

[McCluskey 2001] McCluskey, Glen.  Flexible Array Members and Designators in C9X . ;login:, 26, 4 (July 2001): 29–32.

Anchor
Mell 07
Mell 07

[Mell 2007] Mell, Peter; Scarfone, Karen; & Romanesky, Sasha. "A Complete Guide to the Common Vulnerability Scoring System Version 2.0." FIRST, June 2007.

Anchor
mercy 06
mercy 06

[Mercy 2006] Mercy. Exploiting Uninitialized Data . January 2006.

Anchor
Meyers 2004
Meyers 2004

[Meyers 2004] Meyers, Randy. Limited size_t WG14 N1080. September 2004.

Anchor
Michael 2004
Michael 2004

[Michael 2004] Michael, M.M. "Hazard Pointers: Safe Memory Reclamation for Lock-Free Objects." IEEE Transactions on Parallel and Distributed Systems, 15, 8 (2004).

Anchor
Microsoft 03
Microsoft 03

[Microsoft 2003] Microsoft Security Bulletin MS03-026, "Buffer Overrun In RPC Interface Could Allow Code Execution (823980)." September 2003.

Anchor
Microsoft 07
Microsoft 07

[Microsoft 2007] Microsoft. C Language Reference, 2007.

Anchor
Miller 2007
Miller 2007

[Miller 2007] Miller, Damien. "Security Measures in OpenSSH," white paper. OpenSSH Project, 2007.

Anchor
Miller 99
Miller 99

[Miller 1999] Miller, Todd C. & de Raadt, Theo. strlcpy and strlcat—Consistent, Safe, String Copy and Concatenation. In Proceedings of the FREENIX Track, 1999 USENIX Annual Technical Conference, June 6–11, 1999, Monterey, California, USA. Berkeley, CA: USENIX Association, 1999.

Anchor
Miller 04
Miller 04

[Miller 2004] Miller, Mark C.; Reus, James F.; Matzke, Robb P.; Koziol, Quincey A.; & Cheng, Albert P. "Smart Libraries: Best SQE Practices for Libraries with an Emphasis on Scientific Computing." In Proceedings of the Nuclear Explosives Code Developer's Conference. Livermore, CA: Lawrence Livermore National Laboratory, December 2004.

Anchor
MISRA 04
MISRA 04

[MISRA 2004] MISRA (Motor Industry Software Reliability Association). MISRA C: 2004 Guidelines for the Use of the C Language in Critical Systems. Nuneaton, UK: MIRA, 2004 (ISBN 095241564X).

Anchor
MISRA 08
MISRA 08

[MISRA 2008] MISRA. MISRA C++ : 2008 Guidelines for the Use of the C++ Language in Critical Systems. Nuneaton, UK: MIRA, 2008 (ISBN 978-906400-03-3 [paperback], ISBN 978-906400-04-0 [PDF]), 2008.

Anchor
MISRA 12
MISRA 12

[MISRA C:2012] MISRA. MISRA C3: Guidelines for the Use of the C Language in Critical Systems 2012. Nuneaton, UK: MIRA, 2012. ISBN 978-1-906400-10-1.

Anchor
MIT 04
MIT 04

[MIT 2004] MIT (Massachusetts Institute of Technology). "MIT krb5 Security Advisory 2004-002,"

...

Wiki Markup
\[Lockheed Martin 05\] Lockheed Martin. "[Joint Strike Fighter Air Vehicle C+\+ Coding Standards for the System Development and Demonstration Program.|http://www.research.att.com/~bs/JSF-AV-rules.pdf]" Document Number 2RDU00001 Rev C., December 2005.

...

Wiki Markup
\[Loosemore 07\] Loosemore, Sandra, Stallman, Richard M., McGrath, Roland, Oram, Andrew, & Drepper, Ulrich. [The GNU C Library Reference Manual|http://www.gnu.org/software/libc/manual/], Edition 0.11,  September 2007.

...

Wiki Markup
\[McCluskey 01\] [_flexible array members and designators in C9X_|http://www.usenix.org/publications/login/2001-07/pdfs/mccluskey.pdf] ;login:, July 2001, Volume 26, Number 4, p. 29---32.

...

Wiki Markup
\[Mell 07\] P. Mell, K. Scarfone, and S. Romanosky, "A Complete Guide to the Common Vulnerability Scoring System Version 2.0", FIRST, June 2007.

...

Wiki Markup
\[mercy\] mercy. [_Exploiting Uninitialized Data_|http://www.felinemenace.org/papers/UBehavior.zip], January 2006.

...

Wiki Markup
\[Microsoft 03\] Microsoft Security Bulletin MS03-026, "[Buffer Overrun In RPC Interface Could Allow Code Execution (823980)|http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx]," September 2003.

...

Wiki Markup
\[Microsoft 07\] [C Language Reference|http://msdn2.microsoft.com/en-us/library/fw5abdx6(VS.80).aspx], 2007.

...

Wiki Markup
\[Miller 99\] Todd C. Miller and Theo de Raadt. strlcpy and strlcat - Consistent, Safe, String Copy and Concatenation. In Proceedings of the FREENIX Track, 1999 USENIX Annual Technical Conference.

...

Wiki Markup
\[Miller 04\] Miller, Mark C., Reus, James F., Matzke, Robb P., Koziol, Quincey A., & Cheng, Albert P. "[Smart Libraries: Best SQE Practices for Libraries with an Emphasis on Scientific Computing|https://wci.llnl.gov/codes/smartlibs/UCRL-JRNL-208636.pdf]." _Proceedings of the Nuclear Explosives Code Developer's Conference_, December 2004.

...

Wiki Markup
\[MISRA 04\] MISRA Limited. "[MISRA C|http://www.misra.org.uk/]: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

AnchorMIT 04MIT 04 Wiki Markup\[MIT 04\] MIT. "[MIT krb5 Security Advisory 2004-002|hhttp://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-002-dblfree.txt], 2004.

Anchor
MIT 05
MIT 05
Wiki Markup\
[MIT 05\2005] MIT. "[MIT krb5 Security Advisory 2005-003|http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-Security Advisory 2005-003-recvauth.txt], 2005.

Anchor
MITRE
MITRE

[MITRE] MITRE. Common Weakness Enumeration, Version 1.8. February 2010.

Anchor
MITRE 07
MITRE 07
unmigrated-wiki-markup
\
[MITRE 07\2007] MITRE. [Common Weakness Enumeration, Draft 9|http://cwe.mitre.org/], April 2008. April 2008.

Anchor
MKS
MKS

[MKS] MKS, Inc. MKS Reference Pages.

Anchor
MSDN
MSDN
unmigrated-wiki-markup
\
[MSDN\] [Microsoft Developer Network|http://msdn.microsoft.com/en-us/default.aspx].

Anchor
Murenin 07
Murenin 07
Wiki Markup\
[Murenin 07\2007] Murenin, Constantine A. "[cnst: 10-year-old pointer-arithmetic bug in Year-Old Pointer-Arithmetic Bug in make(1) is now gone, thanks to Is Now Gone, Thanks to malloc.conf and some debugging|http://cnst.livejournal.com/24040.html]," June and Some Debugging. LiveJournal, June 2007.

Anchor
NAI 98
NAI 98
Wiki Markup\
[NAI 98\1998] Network Associates , Inc. [Bugtraq: Network Associates Inc. Advisory (OpenBSD)|http://seclists.org/bugtraq/1998/Aug/0071.html], Advisory (OpenBSD). 1998.

Anchor
NASA-GB-1740.13
NASA-GB-1740.13
unmigrated-wiki-markup
\
[NASA-GB-1740.13\] NASA Glenn Research Center, Office of Safety Assurance Technologies. [_NASA Software Safety Guidebook_|http://pbma.nasa.gov/docs/public/pbma/general/guidbook.doc] (NASA-GB-1740.13). AnchorNIST 06NIST 06 Wiki Markup\[NIST 06\] NIST. [_SAMATE Reference Dataset_|http://samate.nist.gov/SRD/], 20061740.13).

Anchor
NIST 06b06
NIST 06b
Wiki Markup\
06

[NIST 06b\2006] NIST. [DRAFT Source Code Analysis Tool Functional Specification. |http://samate.nist.gov/docs/SAMATE_source_code_analysis_tool_spec_09_15_06.pdf] NIST Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, September SAMATE Reference Dataset . 2006.

OpenBSD
Anchor
OpenBSD
unmigrated-wiki-markup
OpenBSD
\
[OpenBSD\] Berkley Software Design, Inc. [Manual Pages|http://www.openbsd.org/cgi-bin/man.cgi], June 2008. AnchorOpen Group 97aOpen Group 97a

Wiki Markup
\[Open Group 97a\] The Open Group. [_The Single UNIX® Specification, Version 2_|http://www.opengroup.org/onlinepubs/7990989775/toc.htm], 1997.

...

Wiki Markup
\[Open Group 97b\] The Open Group. [_Go Solo 2---The Authorized Guide to Version 2 of the Single UNIX Specification_|http://www.unix.org/whitepapers/64bit.html], May 1997.

Pages. June 2008.

Anchor
Open Group 97a
Open Group 97a

[Open Group 1997a] The Open Group. The Single UNIX® Specification, Version 2 . 1997.

Anchor
Open Group 97b
Open Group 97b

[Open Group 1997b] The Open Group. Go Solo 2—The Authorized Guide to Version 2 of the Single UNIX Specification . May 1997.

Anchor
POSIX.1-2004
POSIX.1-2004
Anchor
IEEE Std 1003.1-2004
IEEE Std 1003.1-2004
Anchor
ISO/IEC 9945:2003
ISO/IEC 9945:2003
Anchor
ISO-IEC 9945-2003
ISO-IEC 9945-2003
Anchor
Open Group 04
Open Group 04

[Open Group 2004] The Open Group. The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition . 2004. (See also IEEE Std 1003.1-2004.)

Anchor
POSIX.1-2008
POSIX.1-2008
Anchor
IEEE Std 1003.1-2008
IEEE Std 1003.1-2008
Anchor
ISO/IEC 9945:2008
ISO/IEC 9945:2008
Anchor
ISO-IEC 9945-2003
ISO-IEC 9945-2003
Anchor
Open Group 08
Open Group 08

[Open Group 2008] The Open Group. The Open Group Base Specifications Issue 7, IEEE Std 1003.1, 2008 Edition . 2008. (See also IEEE Std 1003.1-2008.)

Anchor
OpenMP
OpenMP

[OpenMP] The OpenMP API® Specification for Parallel Programming AnchorOpen Group 04Open Group 04 Wiki Markup\[Open Group 04\] The Open Group and the IEEE. [_The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition_|http://www.opengroup.org/onlinepubs/009695399/toc.htm], 2004.

Anchor
OWASP Double Free
OWASP Double Free
Wiki Markup\
[OWASP Double Free\] Open Web Application Security Project, "[Double Free|http://www.owasp.org/index.php/Double_Free]."

Anchor
OWASP Freed Memory
OWASP Freed Memory
Wiki Markup\
[OWASP Freed Memory\] Open Web Application Security Project, "[Using freed memory|http://www.owasp.org/index.php/Using_freed_memory]Using Freed Memory."

Anchor
Pethia 03
Pethia 03
unmigrated-wiki-markup
\
[Pethia 03\2003] Pethia, Richard D. "[Viruses and Worms: What Can We Do About Them?|http://www.cert.org/congressional_testimony/Pethia-Testimony-9-10-2003/]" September 10, 2003.

Anchor
Pfaff 04
Pfaff 04
unmigrated-wiki-markup
\
[Pfaff 04\2004] Pfaff, Ken Thompson. "[Casting (time_t)(-1)|http://groups.google.com/group/comp.lang.c/browse_thread/thread/8983d8d729244f2b/ea0e2972775a1114?#ea0e2972775a1114]." _Google Groups )." Google Groups comps.lang.c_, March 2, 2004.

Anchor
Pike 93
Pike 93
unmigrated-wiki-markup
\
[Pike 93\1993] Pike, Rob & Thompson, Ken. "Hello World." _Proceedings of the USENIX Winter 1993 Technical Conference_, San Diego, CA, January 25-\--29, 1993, pp. 43-\--50.January 25–29, 1993, pp3 43–50.

Anchor
Plakosh 05
Plakosh 05
Wiki Markup\
[Plakosh 05\2005] Plakosh, Dan. [_"Consistent Memory Management Conventions_|https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/coding/476.html], ." Build Security In, 2005.

Anchor
Plum 85
Plum 85
unmigrated-wiki-markup
\
[Plum 85\1985] Plum, Thomas. _Reliable Data Structures in C_. Kamuela, HI: Plum Hall, Inc., 1985 (ISBN 0-911537-04-X).

Anchor
Plum 89
Plum 89
unmigrated-wiki-markup
\
[Plum 89\1989] Plum, Thomas , & Saks, Dan. _C Programming Guidelines, 2nd ed_. Kamuela, HI: Plum Hall, 1989 (ISBN 0911537074).

Anchor
Plum 91
Plum 91
Wiki Markup
\[Plum 91\1991] Plum, Thomas. _C+\+ Programming_. Kamuela, HI: Plum Hall, 1991 (ISBN 0911537104).

Anchor
Plum 08
Plum 08

[Plum 2008] Plum, Thomas. "Static Assertions." June 2008.

Anchor
Plum 0812
Plum 08
Wiki Markup\
12

[Plum 08\2012] Plum, Thomas. Static Assertions. June, 2008. [http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1330.pdf] C Finally Gets a New Standard. Dr. Dobb's, 2012.

Anchor
Redwine 06
Redwine 06
Wiki Markup\
[Redwine 06\2006] Redwine, Samuel T., Jr., ed. _Secure Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software Version 1.1_. U.S. Department of Homeland Security, September 2006. (See [Software Assurance Common Body of Knowledge|https://buildsecurityin.us-cert.gov/daisy/bsi/resources/dhs/95.html] on Build Security In.)

Anchor
Roelker 04
Roelker 04

[Roelker 2004] Roelker, Daniel. "HTTP IDS Evasions Revisited." September 2004.

Anchor
RUS-CERT
RUS-CERT
Wiki Markup\
[RUS-CERT\] RUS-CERT Advisory 2002-08:02, "[Flaw in calloc and similar routines|http://cert.uni-stuttgart.de/advisories/calloc.php]," -08:02, "Flaw in calloc and Similar Routines." 2002.

Anchor
Saltzer 74Saltzer 74

Wiki Markup
\[Saltzer 74\] Saltzer, J. H. Protection and the Control of Information Sharing in Multics. _Communications of the ACM 17_, 7 (July 1974): 388---402.

...

Wiki Markup
\[Saltzer 75\] Saltzer, J. H., & Schroeder, M. D. "The Protection of Information in Computer Systems." _Proceedings of the IEEE 63_, 9 (September 1975): 1278-1308.

...

Wiki Markup
\[Saks 99\] Saks, Dan. "[const T vs.T const|http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf]." _Embedded Systems Programming_, February 1999, pp. 13-16.

...

Wiki Markup
\[Saks 00\] Saks, Dan. "[Numeric Literals|http://www.embedded.com/2000/0009/0009pp.htm]." _Embedded Systems Programming_, September 2000.

...

Wiki Markup
\[Saks 01a\] Saks, Dan. "[Symbolic Constants|http://www.embedded.com/story/OEG20011016S0116]." _Embedded Systems Design_, November 2001.

...

Saks 99
Saks 99

[Saks 1999] Saks, Dan. "const T vs.T const." Embedded Systems Programming, February 1999, pp. 13–16.

Anchor
Saks 00
Saks 00

[Saks 2000] Saks, Dan. "Numeric Literals ." Embedded Systems Programming, September 2000.

Anchor
Saks 01a
Saks 01a

[Saks 2001a] Saks, Dan. "Symbolic Constants ." Embedded Systems Design, November 2001.

Anchor
Saks 01b
Saks 01b

[Saks 2001b] Saks, Dan. "Enumeration Constants vs. Constant Objects." Embedded Systems Design, November 2001.

Anchor
Saks 02
Saks 02

[Saks 2002] Saks, Dan. "Symbolic Constant Expressions." Embedded Systems Design, February 2002.

Anchor
Saks 05
Saks 05

[Saks 2005] Saks, Dan. "Catching Errors Early with Compile-Time Assertions." Embedded Systems Design, June 2005.

Anchor
Saks 07a
Saks 07a

[Saks 2007a] Saks, Dan. "Sequence Points." Embedded Systems Design, July 1, 2002.

Anchor
Saks 07b
Saks 07b

[Saks 2007b] Saks, Dan. "Bail, Return, Jump, or . . . Throw?" Embedded Systems Design, March 2007.

Anchor
Saks 07c
Saks 07c

[Saks 2007c] Saks, Dan. "Standard C's Pointer Difference Type." Embedded Systems Design, October 2007.

Anchor
Saks 08
Saks 08

[Saks 2008] Saks, Dan & Dewhurst, Stephen C. "Sooner Rather Than Later: Static Programming Techniques for C++" (presentation). March 2008.

Anchor
Saltzer 74
Saltzer 74

[Saltzer 1974] Saltzer, J. H. "Protection and the Control of Information Sharing in Multics." Communications of the ACM 17, 7 (July 1974): 388–402.

Anchor
Saltzer 75
Saltzer 75

[Saltzer 1975] Saltzer, J. H. & Schroeder, M. D. "The Protection of Information in Computer Systems." Proceedings of the IEEE 63, 9 (September 1975): 1278–1308.

Anchor
Schwarz 05
Schwarz 05

[Schwarz 2005] Schwarz, B.; Wagner, Hao Chen; Morrison, D.; West, G.; Lin, J.; & Tu, J. Wei. "Model Checking an Entire Linux Distribution for Security Violations." Proceedings of the 21st Annual Computer Security Applications Conference, December 2005 (ISSN 1063-9527; ISBN 0-7695-2461-3).

Anchor
Seacord 03
Seacord 03

[Seacord 2003] Seacord, Robert C.; Plakosh, Daniel; & Lewis, Grace A. Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices . Boston: Addison-Wesley, 2003.

Anchor
Seacord 05
Seacord 05
Anchor
Seacord 05a
Seacord 05a
Anchor
Seacord 2005a
Seacord 2005a

[Seacord 2005a] Seacord, Robert C. Secure Coding in C and C++. Boston: Addison-Wesley, 2005. (See http://www.cert.org/books/secure-coding for news and errata.)

Anchor
Seacord 05b
Seacord 05b

[Seacord 2005b] Seacord, Robert C. "Managed String Library for C, C/C++." Users Journal, 23, 10 (October 2005): 30–34.

Anchor
Seacord 05c
Seacord 05c

[Seacord 2005c] Seacord, Robert C. "Variadic Functions: How They Contribute to Security Vulnerabilities and How to Fix Them." Linux World Magazine, November 2005.

Anchor
Seacord 2013a
Seacord 2013a

[Seacord 2013a] Seacord, Robert C. “C Secure Coding Rules: Past, Present, and Future.” InformIT, June 26, 2013.

Anchor
Seacord 2013
Seacord 2013
Anchor
Seacord 13
Seacord 13

[Seacord 2013b] Seacord, Robert C. Secure Coding in C and C++. Boston: Addison-Wesley, 2013. (See http://www.cert.org/books/secure-coding for news and errata.)

Anchor
Secunia
Secunia

[Secunia] Secunia Advisory SA10635, "HP-UX calloc Buffer Size Miscalculation Vulnerability." 2004.

Anchor
SecurityFocus 07
SecurityFocus 07

[SecurityFocus 2007] SecurityFocus. "Linux Kernel Floating Point Exception Handler Local Denial of Service Vulnerability." 2001.

Anchor
SecuriTeam 07
SecuriTeam 07

[SecuriTeam 2007] SecuriTeam. "Microsoft Visual C++ 8.0 Standard Library Time Functions Invalid Assertion DoS (Problem 3000)." February 13, 2007.

Anchor
Sloss 04
Sloss 04

[Sloss 2004] Sloss, Andrew; Symes, Dominic; & Wright, Chris. ARM System Developer's Guide . San Francisco: Elsevier/Morgan Kauffman, 2004 (ISBN-10: 1558608745; ISBN-13: 978-1558608740).

Anchor
Spinellis 06
Spinellis 06

[Spinellis 2006] Spinellis, Diomidis. Code Quality: The Open Source Perspective . Boston: Addison-Wesley, 2006.

Anchor
StackOvflw 09
StackOvflw 09

[StackOvflw 2009] StackOverflow.com. "Should I return TRUE / FALSE values from a C function?" User Questions, March 15, 2010.

Anchor
Steele 77
Steele 77

[Steele 1977] Steele, G. L. "Arithmetic shifting considered harmful." SIGPLAN Not. 12, 11 (November 1977): 61–69.

Anchor
Stevens 05
Stevens 05

[Stevens 2005] Stevens, W. Richard. Advanced Programming in the UNIX Environment. Boston: Addison-Wesley, 1995 (ISBN 032152594-9).

Anchor
Summit 95
Summit 95

[Summit 1995] Summit, Steve. C Programming FAQs: Frequently Asked Questions. Boston: Addison-Wesley, 1995 (ISBN 0201845199).

Anchor
Summit 05
Summit 05

[Summit 2005] Summit, Steve. comp.lang.c Frequently Asked Questions . 2005.

Anchor
Sun
Sun
Anchor
Sun 93
Sun 93

[Sun 1993] Sun Microsystems. Sun Security Bulletin #00122 1993.

Anchor
Sun 05
Sun 05

[Sun 2005] Sun Microsystems. C User's Guide. 819-3688-10. Sun Microsystems, 2005.

Anchor
Sutter 04
Sutter 04

[Sutter 2004] Sutter, Herb & Alexandrescu, Andrei. C++ Coding Standards: 101 Rules, Guidelines, and Best Practices. Boston: Addison-Wesley Professional, 2004 (ISBN 0321113586).

Anchor
Tsafrir 08
Tsafrir 08

[Tsafrir 2008] Tsafrir, Dan; Da Silva, Dilma; & Wagner, David. The Murky Issue of Changing Process Identity: Revising "Setuid Demystified." USENIX, June 2008, pp. 55–66

Anchor
Unicode 06
Unicode 06

[Unicode 2006] The Unicode Consortium. The Unicode Standard, Version 5.0, 5th ed. Boston: Addison-Wesley Professional, 2006 (ISBN: 0321480910).

Anchor
Unicode 12
Unicode 12

[Unicode 2012] The Unicode Consortium.  The Unicode Standard, Version 6.2 .

Anchor
UNIX 92
UNIX 92

[UNIX 1992] UNIX System Laboratories. System V Interface Definition, 3rd ed. Wokingham, MA: Addison-Wesley, 1992

...

Wiki Markup
\[Saks 01b\] Saks, Dan. "[Enumeration Constants vs. Constant Objects|http://www.embedded.com/columns/programmingpointers/9900402]." _Embedded Systems Design_, November 2001.

...

Wiki Markup
\[Saks 02\] Saks, Dan. "[Symbolic Constant Expressions|http://www.embedded.com/story/OEG20020124S0117]." _Embedded Systems Design_, February 2002.

...

Wiki Markup
\[Saks 05\] Saks, Dan. "[Catching Errors Early with Compile-Time Assertions|http://www.embedded.com/columns/programmingpointers/164900888?_requestid=287187]." _Embedded Systems Design_, June 2005.

...

Wiki Markup
\[Saks 07a\] Saks, Dan. "[Sequence Points|http://www.embedded.com/columns/programmingpointers/9900661?_requestid=481957]" _Embedded Systems Design_, July 1, 2002.

...

Wiki Markup
\[Saks 07b\] Saks, Dan. [Bail, return, jump, or . . . throw?|http://www.embedded.com/columns/programmingpointers/197008821]. _Embedded Systems Design_, March 2007.

...

Wiki Markup
\[Saks 08\] Saks, Dan, & Dewhurst, Stephen C. "Sooner Rather Than Later: Static Programming Techniques for C++" (presentation, March 2008).

...

Wiki Markup
\[Schwarz 05\] Schwarz, B., Wagner, Hao Chen, Morrison, D., West, G., Lin, J., & Tu, J. Wei. "Model checking an entire Linux distribution for security violations." _Proceedings of the 21st Annual Computer Security Applications Conference_, December 2005 (ISSN 1063-9527; ISBN 0-7695-2461-3).

...

Wiki Markup
\[Seacord 03\] Seacord, Robert C., Plakosh, Daniel, & Lewis, Grace A. [_Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices_|http://www.informit.com/store/product.aspx?isbn=0321118847]. Addison-Wesley, February 2003.

...

Wiki Markup
\[Seacord 05a\] Seacord, Robert C. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley, 2005. See [http://www.cert.org/books/secure-coding] for news and errata.

...

Wiki Markup
\[Seacord 05b\] Seacord, Robert C. "Managed String Library for C, C/C++." _Users Journal_ _23_, 10 (October 2005): 30---34.

...

Wiki Markup
\[Seacord 05c\] Seacord, Robert C. [_Variadic Functions: How they contribute to security vulnerabilities and how to fix them_|http://www.cert.org/books/secure-coding/LWM%203-11%20%28Seacord%29.pdf]. _Linux World Magazine_,  November 2005.

...

Wiki Markup
\[Secunia\] Secunia Advisory SA10635, "[HP-UX calloc Buffer Size Miscalculation Vulnerability|http://secunia.com/advisories/10635/]," 2004.

...

Wiki Markup
\[SecurityFocus 07\] SecurityFocus. "[Linux Kernel Floating Point Exception Handler Local Denial of Service Vulnerability|http://www.securityfocus.com/bid/10538/discuss]," 2001.

...

Wiki Markup
\[SecuriTeam 07\] SecuriTeam. "[Microsoft Visual C+\+ 8.0 Standard Library Time Functions Invalid Assertion DoS (Problem 3000)|http://www.securiteam.com/windowsntfocus/5MP0D0UKKO.html]," February 13, 2007.

...

Wiki Markup
\[Sloss 04\]  Sloss, Andrew, Symes, Dominic, & Wright, Chris. [_ARM System Developer's Guide_|http://www.arm.com/documentation/books/4975.html]. San Francisco:Elsevier/Morgan Kauffman, 2004 (ISBN-10: 1558608745; ISBN-13: 978-1558608740).

...

Wiki Markup
\[Spinellis 06\] Spinellis, Diomidis. [_Code Quality: The Open Source Perspective_|http://www.spinellis.gr/codequality].  Addison-Wesley, 2006.

...

Wiki Markup
\[Steele 77\]  Steele, G. L. "[Arithmetic shifting considered harmful|http://doi.acm.org/10.1145/956641.956647]." _SIGPLAN Not._ 12, 11 (November 1977), 61-69.

...

Wiki Markup
\[Summit 95\] Summit, Steve. _C Programming FAQs: Frequently Asked Questions_. Boston, MA: Addison-Wesley, 1995 (ISBN 0201845199).

...

Wiki Markup
\[Summit 05\] Summit, Steve. [_comp.lang.c Frequently Asked Questions_|http://c-faq.com/], 2005.

...

Wiki Markup
\[Sun\] [Sun Security Bulletin #00122|http://sunsolve.sun.com/search/document.do?assetkey=1-22-00122-1], 1993.

...

Wiki Markup
\[Sun 05\] [C User's Guide|http://docs.sun.com/source/819-3688/]. 819-3688-10. Sun Microsystems, Inc., 2005.

AnchorSutter 04Sutter 04 Wiki Markup\[Sutter 04\] Sutter, Herb & Alexandrescu, Andrei. C+\+ Coding Standards: 101 Rules, Guidelines, and Best Practices. Boston, MA:Addison-Wesley Professional, 2004 (ISBN 0321113586).

Anchor
van de Voort 07
van de Voort 07
Wiki Markup\
[van de Voort 07\2007] van de Voort, Marco. [Development Tutorial (a.k.a Build FAQ)|http://www.stack.nl/~marcov/buildfaq.pdf], January 29, 2007. January 29, 2007.

Anchor
Vanegue 2010
Vanegue 2010

[Vanegue 2010] Vanegue, Julien. Automated Vulnerability Analysis of Zero-Sized Head Allocations. Hackito Ergo Sum (HES'10) Conference, Paris, April 10, 2010.

Anchor
van Sprundel06
van Sprundel06
unmigrated-wiki-markup
\
[van Sprundel 06\2006] van Sprundel, Ilja. [Unusualbugs|http://ilja. netric.org/files/Unusual%20bugs.pdf], 2006. 

Anchor
Viega 01
Viega 01
Wiki Markup\[Viega 01\] Viega, John. [Protecting Sensitive Data in Memory|http://www.cgisecurity.com/lib/protecting-sensitive-data.html], February
[Viega 2001] Viega, John. Protecting Sensitive Data in Memory. February 2001.

Anchor
Viega 03
Viega 03
Wiki Markup
\[Viega 03\2003] Viega, John , & Messier, Matt. _Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More_. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

Anchor
Viega 05
Viega 05
Wiki Markup\
[Viega 05\2005] Viega, John. [CLASP Reference Guide Volume 1.1.|http://www.securesoftware.com/process/] Secure Software, 2005.

Anchor
VU#159523
VU#159523
Wiki Markup\
[VU#159523\] Giobbi, Ryan. Vulnerability Note [VU#159523|http://www.kb.cert.org/vuls/id/159523], _Adobe Flash Player integer overflow vulnerability_, April Player Integer Overflow Vulnerability. April 2008.

Anchor
VU#162289
VU#162289
Wiki Markup\
[VU#162289\] Dougherty, Chad. Vulnerability Note [VU#162289|http://www.kb.cert.org/vuls/id/162289], _gcc silently discards some wraparound checks_, April VU#162289, GCC Silently Discards Some Wraparound Checks. April 2008.

Anchor
VU196240
VU196240
Wiki Markup\
[VU#196240\] Taschner, Chris & Manion, Art. Vulnerability Note [VU#196240|http://www.kb.cert.org/vulnotes/id/196240], _Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets_, Preprocessor Does Not Properly Reassemble Fragmented Packets. 2007.

Anchor
VU286468
VU286468
Wiki Markup\
[VU#286468\] Burch, Hal. Vulnerability Note [VU#286468|http://www.kb.cert.org/vulnotes/id/286468], _Ettercap contains a format string error in the Contains a Format String Error in the "curses_msg()" function_, Function. 2007.

Anchor
VU439395
VU439395
unmigrated-wiki-markup
\
[VU#439395\] Lipson, Howard. Vulnerability Note [VU#439395|http://www.kb.cert.org/vuls/id/439395], _Apache web server performs case sensitive filtering on Mac OS X HFS\+ case insensitive filesystem,_ Apache Web Server Performs Case Sensitive Filtering on Mac OS X HFS+ Case Insensitive Filesystem. 2001.

Anchor
VU551436
VU551436
unmigrated-wiki-markup
\
[VU#551436\] Giobbi, Ryan. Vulnerability Note [VU#551436|http://www.kb.cert.org/vulnotes/id/551436], _Mozilla Firefox SVG viewer vulnerable to buffer overflow,_ SVG Viewer Vulnerable to Buffer Overflow. 2007.

Anchor
VU568148
VU568148
Wiki Markup\
[VU#568148\] Finlay, Ian A. & Morda, Damon G. Vulnerability Note [VU#568148|http://www.kb.cert.org/vulnotes/id/568148], _Microsoft Windows RPC vulnerable to buffer overflow_, Vulnerable to Buffer Overflow. 2003.

Anchor
VU623332
VU623332
unmigrated-wiki-markup
\
[VU#623332\] Mead, Robert. Vulnerability Note [VU#623332|http://www.kb.cert.org/vuls/id/623332], _MIT Kerberos 5 contains double free vulnerability in Note VU#623332, MIT Kerberos 5 Contains Double-Free Vulnerability in "krb5_recvauth()" function,_ Function. 2005.

Anchor
VU649732
VU649732
unmigrated-wiki-markup
\
[VU#649732\] Gennari, Jeff. Vulnerability Note [VU#649732|http://www.kb.cert.org/vulnotes/id/649732], _Samba AFS ACL Mapping VFS Plug-In Format String Vulnerability,_ . 2007.

Anchor
VU654390
VU654390
unmigrated-wiki-markup
\
[VU#654390\] Rafail, Jason A. Vulnerability Note [VU#654390|https://www.kb.cert.org/vulnotes/id/654390], _ISC DHCP contains C Includes that define vsnprintf() to vsprintf() creating potentialNote VU#654390, ISC DHCP Contains C Includes That Define vsnprintf() to vsprintf() Creating Potential Buffer Overflow Conditions. June 2004.

Anchor
VU720951
VU720951

[VU#720951] Dorman, Will. Vulnerability Note VU#720951, OpenSSL TLS Heartbeat Extension Read Overflow Discloses Sensitive Information. April 2014

Anchor
VU743092
VU743092

[VU#743092] Rafail, Jason A. & Havrilla, Jeffrey S. Vulnerability Note VU#743092, realpath(3) Function Contains Off-by-One Buffer Overflow. July buffer overflow conditions_, June 2004. AnchorVU743092VU743092 Wiki Markup\[VU#743092\] Rafail, Jason A. & Havrilla, Jeffrey S. Vulnerability Note [VU#743092|https://www.kb.cert.org/vulnotes/id/743092], _realpath(3) function contains off-by-one buffer overflow,_ July 2003.

Anchor
VU834865
VU834865
Wiki Markup\
[VU#834865\] Gennari, Jeff. Vulnerability Note [VU#834865|http://www.kb.cert.org/vuls/id/834865], _Sendmail signal I/O race condition_, March 2008. AnchorVU837857VU837857

Wiki Markup
\[VU#837857\] Dougherty, Chad. Vulnerability Note [VU#837857|http://www.kb.cert.org/vuls/id/837857], _SX.Org server fails to properly test for effective user ID_, August 2006.

VU#834865, Sendmail Signal I/O Race Condition. March 2008.

Anchor
VU837857
VU837857

[VU#837857] Dougherty, Chad. Vulnerability Note VU#837857, SX.Org Server Fails to Properly Test for Effective User ID. August 2006.

Anchor
VU881872
VU881872

[VU#881872] Manion, Art & Taschner, Chris. Vulnerability Note VU#881872, Sun Solaris Telnet Authentication Bypass Vulnerability. 2007.

Anchor
VU925211
VU925211

[VU#925211] Dougherty, Chad. Vulnerability Note VU#925211, “Debian and Ubuntu OpenSSL Packages Contain a Predictable Random Number Generator.” June 2008.

Anchor
Walfridsson 03
Walfridsson 03

[Walfridsson 2003] Walfridsson, Krister. Aliasing, Pointer Casts and GCC 3.3. August 2003.

Anchor
Walls 2006
Walls 2006

[Walls 2006] Walls, Douglas.  How to Use the Qualifier in C.  Sun ONE Tools Group, Sun Microsystems. March 2006.

Anchor
Wang 12
Wang 12

[Wang 2012] Wang, Xi. More Randomness or Less . June 2012 AnchorVU881872VU881872 Wiki Markup\[VU#881872\] Manion, Art & Taschner, Chris. Vulnerability Note [VU#881872|http://www.kb.cert.org/vulnotes/id/881872], _Sun Solaris telnet authentication bypass vulnerability,_ 2007.

Anchor
Warren 02
Warren 02
unmigrated-wiki-markup
\
[Warren 02\2002] Warren, Henry S. [_Hacker's Delight_|http://www. hackersdelight.org/]. Boston, MA: Addison Wesley Professional, 2002 (ISBN 0201914654).

Anchor
WG14/N1396
WG14/N1396

[WG14/N1396] Thomas, J. & Tydeman, F. "Wide function return values." September 2009.

Anchor
Wheeler 03
Wheeler 0303
Anchor
unmigrated
WG14-
wiki
N1396
WG14-
markup
N1396
\
[Wheeler 03\2003] Wheeler, David. [Secure Programming for Linux and Unix HOWTO, v3.010|http://www. dwheeler.com/secure-programs/Secure-Programs-HOWTO/], March 2003.

Anchor
Wheeler 04
Wheeler 04
Wiki Markup\
[Wheeler 04\2004] Wheeler, David. [_Secure programmerProgrammer: Call components safely_|http://www-128.ibm.com/developerworks/linux/library/l-calls.html]. December Call Components Safely. December 2004.

Anchor
Wojtczuk 08
Wojtczuk 08
unmigrated-wiki-markup
\
[Wojtczuk 08\2008] Wojtczuk, Rafal. "[Analyzing the Linux Kernel vmsplice Exploit|http://www.avertlabs.com/research/blog/index.php/2008/02/13/analyzing-the-linux-kernel-vmsplice-exploit/]." McAfee Avert Labs Blog, February 13, 2008.

Anchor
xorl 2009
xorl 2009

[xorl 2009] xorl. xorl %eax, %eax. 2009.

Anchor
Yergeau 98
Yergeau 98
unmigrated-wiki-markup
\
[Yergeau 98\1998] Yergeau, F. [RFC 2279 - UTF-8, a transformation format of ISO 10646|http://www.faqs.org/rfcs/rfc2279.html], January 199810646. January 1998.

Anchor
Zadegan 2009
Zadegan 2009

[Zadegan 2009] Zadegan, B. "A Lesson on Infinite Loops." WinJade (formerly AeroXperience), January 2009.

Anchor
Zalewski 01
Zalewski 01
Wiki Markup\
[Zalewski 01\2001] Zalewski, Michal. [_Delivering Signals for Fun and Profit: Understanding, exploiting and preventing signal-handling related vulnerabilities_|http://lcamtuf.coredump.cx/signals.txt], May 2001.Exploiting and Preventing Signal-Handling Related Vulnerabilities. Bindview Corporation, May 2001.

...

Image Added Image Added Image Added